WO2012057942A1 - Système et procédé de stockage sécurisé de machines virtuelles - Google Patents

Système et procédé de stockage sécurisé de machines virtuelles Download PDF

Info

Publication number
WO2012057942A1
WO2012057942A1 PCT/US2011/052844 US2011052844W WO2012057942A1 WO 2012057942 A1 WO2012057942 A1 WO 2012057942A1 US 2011052844 W US2011052844 W US 2011052844W WO 2012057942 A1 WO2012057942 A1 WO 2012057942A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing system
virtual machine
file
storage
machine file
Prior art date
Application number
PCT/US2011/052844
Other languages
English (en)
Inventor
Stephen D. Pate
Tushar Y. Tambay
Kelvin J. Pryse
Lynn F. Kerby
Blaine T. Cuykendall
Thomas J. Satterlee
Original Assignee
High Cloud Security, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by High Cloud Security, Inc. filed Critical High Cloud Security, Inc.
Publication of WO2012057942A1 publication Critical patent/WO2012057942A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/188Virtual file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention relates generally to computer file storage, particularly storage of virtual machine files.
  • Server virtualization is a technology that allows the transition from distinct physical servers each running different operating systems and applications to a virtualized server that enables multiple physical servers to run concurrently as independent virtual machines (VMs) on one single physical server (the "virtual server " ).
  • the software component that allows multiple guest operating systems (“guests " ) to run simultaneously on the virtual server is the hypervisor (e.g., the VMware ® ESX Server, Citrix*' XenServer, and Microsoft* Hyper- ).
  • the hypervisor is responsible for creating, releasing, and managing the resources of the guest VMs installed.
  • Server virtualization offers savings over traditional dedicated physical servers. Using virtual servers minimizes up-f ont capital costs, requires less hands-on
  • IT information technology
  • CSP cloud service providers
  • Virtualization servers are typically set up as shown in FIG. 1.
  • a guest operating system 101 e.g., Microsoft ® Windows XP VM
  • the hypervisor communicates with a physical file system 104 which organizes VM files 105 stored on a local disk or via network-attached storage accessed via protocols such as an Internet-based Small Computer System
  • iSCSI iSCSI
  • NFS Network File System
  • Stealing a VM is simply a matter of copying (e.g., to a USB thumb drive) 106 the set of VM files, and carrying them out of a data center without authorization.
  • the set of files can be copied over a network (107) to another machine, again without authorization.
  • These appropriated files can run on a home personal computer using free tools from all the major hypervisor vendors.
  • Virtual servers can be secured, but that security comes at a cost. And, if that security impedes the technological benefits that virtualization provides, some companies will avoid virtualization when sensitive data is being processed and thereby miss out on the benefits of virtualization and cloud computing.
  • a computing system for secure storage of one or more virtual machine file comprising: a file system driver of a first computing system configured to intercept from a hypervisor of the first computing system a command to store one or more virtual machine file; a communication module of the first computing system configured to communicate securely with a key store on a second computing system to retrieve one or more encryption key and with a policy store on the second computing system to retrieve one or more policy rule; a key management module of the first computing system configured to obtain the one or more encryption key from the communication module; and a storage management module of the first computing, system configured to obtain the one or more policy rule from the communication module and to inform the file system driver based on the obtained one or more policy rule how to store the one or more virtual machine file in one or more storage pool of a third computing system; wherein the file system driver is further configured to encrypt at least partially the one or more virtual machine file using the one or more obtained encryption key received from the key management module; and transfer the one or more at least partially encrypted virtual machine file through a
  • a computing system for accessing one or more virtual machine file stored securely and at least partially encrypted comprising: a file system driver of a first computing system configured to intercept from a hypervisor of the first computing system a command to access the one or more at least partially encrypted virtual machine file: a communication module of the first computing system configured to communicate securely with a key store on a second computing system to retrieve one or more encryption key and with a policy store on the second computing system to retrieve one or more policy rule; a storage management module of the first computing system configured to obtain the one or more policy rule from the communication module and to inform the file system driver based on the one or more obtained policy rule how to access the one or more at least partially encrypted virtual machine file in one or more storage pool of a third computing system; and a key management module of the first computing system configured to obtain the one or more encryption key from the communication module; wherein the file system driver is further configured to retrieve the one or more at least partially encrypted virtual machine file through a virtual machine file system of the first computing device; decrypt the one
  • a method for secure storage of one or more virtual machine file comprising: intercepting with a file system driver on a first computing system from a hypervisor of the first computing system a command to . store the one or more virtual machine file; retrieving with a communication module of the first computing system through a secure communication channel one or more encryption key from a key store on a second computing system and one or more policy rule from a policy store on the second computing system: obtaining with a key management module of the first computing system the one or more encryption key from the communication module; obtaining with a storage management module of the first computing system the one or more policy rule from the communication module and informing the file system driver how to store the one or more virtual machine file in one or more storage pool of a third computing system based on the one or more received policy rule; encrypting at least partially one or more virtual machine file using the one or more encryption key received from the key management module; and transferring with the file system driver the at least partially encrypted one or more virtual machine file through a virtual
  • a method to access one or more virtual machine file stored securely and at least partially encrypted comprising: intercepting with a file system driver on a first computing system from a hypervisor of the first computing system a command to access the one or more at least partially encrypted virtual machine file; retrieving with a communication module of the first computing system through a secure communication channel one or more policy rule from a policy store on a second computing system and one or more encryption key from a key store on the second computing system; obtaining with a storage management module of the first computing system the one or more policy rule obtained from the communication module; accessing through a virtual machine file system of the first computing system the one or more at least partially encrypted virtual machine file in the one or more storage pool of the third computing system based on the obtained one or more policy rule;
  • a non-transitory computer readable medium having stored thereupon computing instructions comprising: a code segment to intercept with a file system driver on a first computing system from a hypervisor of the first computing system a command to store the one or more virtual machine file; a code segment to retrieve with a communication module of the first computing system through a secure communication channel one or more encryption key from a key store on a second computing system and one or more policy rule from a policy store on the second computing system: a code segment to obtain with a key management module of the first computing system the one or more encryption key from the communication module; a code segment to obtain with a storage management module of the first computing system the one or more policy rule from the communication module and informing the file system driver how to store the one or more virtual machine file in one or more storage pool of a third computing system based on the one or more received policy rule; a code segment to encrypt at least partially one or more virtual machine file using the one or more encryption key received from the key management module; and
  • a non-transitory computer readable medium having stored thereupon computing instructions comprising: a code segment to intercept with a file system driver on a first computing system from a hypervisor of the first computing system a command to access the one or more at least partially encrypted virtual machine file; a code segment to retrieve with a communication module of the first computing system through a secure communication channel one or more policy rule from a policy store on a second computing system and one or more encryption key from a key store on the second computing system; a code segment to obtain with a storage management module of the first computing system the one or more policy rule obtained from the communication module; a code segment to access through a virtual machine file system of the first computing system the one or more at least partially encrypted virtual machine file in the one or more storage pool of the third computing system based on the obtained one or more policy rule; a code segment to obtain with a key management module of the first computing system the one or more encryption key from the communication module; a code segment to decrypt the one or more accessed partially encrypted
  • FIG. 1 is a block diagram illustrating the typical organization of a virtualization server known in the art.
  • FIG. 2 is a block diagram illustrating where CAPS resides within a virtualization platform according to one embodiment.
  • FIG. 3 is a block diagram illustrating how CAFS interfaces with a physical fife system to intercept file calls in one embodiment.
  • FIG. 4 is a block diagram showing components of CAFS according to one embodiment.
  • FIG. 5 is a block diagram illustrating how CAFS maps virtual machine file names through links to storage pools in one embodiment.
  • FIG. 6 is a block diagram illustrating policy evaluation in one embodiment.
  • FIG. 7 is a schematic diagram illustrating a list of available storage pools in one embodiment.
  • FIG. 8 is an exemplary process flow detailing the method to securely store virtual machine files.
  • FIG. 9 is an exemplary process flow detailing the method to access securely stored virtual machine files.
  • CAFS cloud-aware file System
  • CAFS offers a variety of features which provide a seamless integration between on-line access, backup and cloud migration to achieve security and maximize the use of existing storage technologies.
  • CAFS provides support for standard protocols that allow client machines to retrieve files from a server machine.
  • CAFS' ability to integrate with standard protocols allows CAFS to be plugged into any virtualization platform that supports NFS (e.g., VMware ® ESX, Microsoft® Hyper-V, Citrix® XenServer, and Red Hat KVM) or similar protocols.
  • NFS e.g., VMware ® ESX, Microsoft® Hyper-V, Citrix® XenServer, and Red Hat KVM
  • CAFS offers greater flexibility by being able to see individual files of the VM and then store and access those files according to storage policies (described in greater detail below). By having access to the different files within the VM, files can be encrypted on an as-needed basis as data is written through CAFS to back-end storage.
  • CAFS minimizes the impact on computing performance caused by encryption by only encrypting those parts of the VM that customers require to be encrypted (e.g., application data).
  • CAFS further reduces any performance penalty associated with encryption by utilizing any hardware cryptographic support available.
  • CAFS integrates policy and encryption key management thereby allowing CAFS to build storage, encryption, and access controls that apply to a single VM or a set of VMs.
  • CAFS provides a separation of duties at the storage layer, a feature that would be beneficial to multi-tenant providers such as CSPs.
  • encryption keys and policies are created and managed on an external key and policy server which is a hardened appliance with no login access. The encryption keys themselves are protected on disk by being encrypted with a symmetric key which is itself encrypted with a Master Key.
  • CAFS further supports automatic (i.e., while the VM is being accessed) key rotation (a process that requires decrypting with an old key and re- encrypting with a new key) while on-line (i.e., without the need to shut down the VM).
  • key rotation a process that requires decrypting with an old key and re- encrypting with a new key
  • on-line i.e., without the need to shut down the VM.
  • CAFS implements a flexible storage model in which a storage pool mapper is able to store separate files of a VM in one or more storage pool (a collection of similar local or remote storage devices) and migrate VM files among the storage pools while the VM is being accessed for other purposes.
  • a storage pool mapper is able to store separate files of a VM in one or more storage pool (a collection of similar local or remote storage devices) and migrate VM files among the storage pools while the VM is being accessed for other purposes.
  • the one or more storage pool can exist on the same physical host on which CAFS is running, and/or one or more storage pool can be located on non-direct-attached, separate storage devices.
  • CAFS makes VM replicas which can be sent to remote servers for disaster recovery purposes or to move the VMs into and out of the cloud.
  • CAFS provides audit records that aid in support of various compliance requirements for an organization or service provider. Furthermore, CAFS provides information about VM usage and sets of VMs that allow cloud service providers to provide per-customer billing.
  • CAFS Concepts.
  • NFS as an exemplary standards-based file system protocol
  • CAFS can interface with any standards-based file system or storage protocol that allows client machines to retrieve files from a server machine.
  • FIG. 2 illustrates how CAFS is positioned within the virtualization environment.
  • a hypervisor 102 provides a virtualization platform for a guest operating system 101 , and is responsible for managing execution of its commands.
  • CAFS 203 is implemented between hypervisor 102 and an existing physical file system 104 to control the organization of and access to local and/or remote storage pools 206 in which VM files 105 are stored as VM sets 207 (discussed in greater detail below). If CAFS 203 itself is being run as a VM, CAFS 203 can be on the same physical host as hypervisor 102. Preferably, however, CAFS is on a physical host separate from the physical host running hypervisor 102.
  • CAFS 203 is a virtual file system (VFS), preferably implemented as a stackable file system layer preferably in a FreeBSD file system framework, although one of skill in the art will understand that CAFS 203 can be implemented in other computing frameworks and environments.
  • FIG. 3 illustrates how CAFS functions as a stackable file system layer.
  • CAFS 203 intercepts file operations at a VFS/vnode interface layer 301.
  • Physical file system 104 is unaware of the presence of CAFS 203.
  • the kernel responds to any file-related system calls by packaging arguments and invoking the top-most layer of the stack through a set of VFS or vnode interfaces 302.
  • VFS interfaces are application programming interfaces (APIs) in the kernel that allow file system-level operations 304 such as mount, unmount, and stat (for printing file system statistics).
  • Vnode operations are file-level operations 305 such as open, read, write, close and stat (for printing file statistics).
  • APIs application programming interfaces
  • CAFS 203 is able to maintain the mapping between its vnode structure and the vnode structure of the underlying file in the physical file system. Further details about the BSD VFS are accessible at
  • Each open file in FreeBSD UNIX is represented by a vnode structure.
  • All VM files 105 have entries in the physical file system where CAFS is mounted, an area used by CAFS as the default backing store. Some of those entries are special redirector links that reference files in one of the available storage pools, in this case, the CAFS vnode private structure will point to the vnode of the file in that particular storage pool.
  • CAFS file system driver 401 is a virtual file system driver conforming to the VFS / vnode architecture as described above.
  • CAPS driver 401 is preferably implemented as a stackable file system driver, as for example, in a UNIX FreeBSD kernel.
  • CAFS driver 401 on top of physical file system 104 provides additional capabilities above those of physical file system 104, thereby achieving greater flexibility because new file system features can be added without modifying physical file system 104.
  • CAFS driver 401 sits on top of one or more storage pool that can be represented by a file system exporting local physical storage or one of a number of other storage pools comprised of different storage types such as iSCSI and NFS.
  • CAFS portal 402 is a pseudo device driver used for communication between CAFS driver 401 and storage management module 403.
  • Storage management module 403 is a management module (preferably a daemon) responsible for performing tasks that are best suited to running outside of kernel 409 (i.e., those tasks easier to implement in user space).
  • Storage management module 403 is responsible for handling policy decisions, including informing CAFS of where to store VM files 1 05 (i.e., into which storage pools) as the VM files 105 are created.
  • CAFS driver 401 CAFS portal 402, and storage management module 403 also act in concert as a storage pool mapper 404 (as discussed in greater detail herein).
  • Secure communications module 405 is a module (preferably a daemon) that is responsible for communications with a key and policy server 407 to fetch policies and keys as VMs are accessed.
  • Encryption/key management module 406 is a kernel module that interfaces with the operating system's cryptographic interfaces as well as with secure communications module 405 to fetch encryption keys on an as-needed basts (as discussed in greater detail below).
  • CAFS stores each VM in one or more storage pool 206 through the use of storage pool mapper 404 with individual plugin modules that make use of the API (e.g., one plug-in module may be for SCSI storage, and another may be for cloud storage, but both will use the same API).
  • Storage pool mapper 404 is a software interface between CAFS driver 401 , storage management module 403, and CAFS portal 402 which provides a set of functions that make each storage pool look identical regardless of whether the storage pool is backed by physical disks or by a layer that supports backup and/or replication.
  • Storage pool mapper 404 maps components of each VM (i.e., VM files 105) to their various storage pools (for example, C: uses mirrored storage, D: uses encrypted SSD storage), and is also able to move VM files 105 among storage pools while the VM is still being accessed.
  • each storage pool mapper 404 to the storage pools 206 allow the seamless migration of VM components between different pools, the dynamic rekeying of encrypted VM files 105, and the shredding of VM files 105.
  • Operations supported by each storage pool mapper include, without limitation:
  • REKEY - rotate encryption keys This involves switching from one encryption key to another
  • one of the most time-consuming operations is allocation of a zero-filled disk.
  • Some storage pools may be using file systems that support pre- allocation, and most file systems will support sparse files.
  • a mapper running on top of such a file system will utilize the features of the underlying file system to best achieve space allocation.
  • Storage pool 206 can be any back-end storage device, including, without limitation, locally attached storage (e.g., SATA (Serial Advance Technology Attachment (SATA) drives, solid-state drives (SSD), or a redundant array of independent disks (RAID) controller), network-attached storage (NAS), storage area networks (SAN) (via Fiber Channel), an archive server located on a separate server, a tape archive, a cloud portal (a pool that has storage in the cloud), and/or block storage over internet protocols (e.g., iSCSI).
  • Storage pools may comprise local storage for on-line access, local or remote storage for secure backups, and/or remote storage for disaster recovery or for interaction between the data center and the cloud.
  • /tmp files which are not expected to survive a reboot
  • VMs may be stored on an external server using NFS, in which case the storage backing the NFS exported data store is all one type, in this scenario, expensive enteiprise storage could end up being used for both /swap and /tmp, with the consequent result that the move to virtualization (which should reduce costs) could end up costing more than physical servers because of increased storage costs.
  • CAFS allows individual files from any given VM to be mapped to separate storage pools (each of which may have different characteristics) regardless of the guest operating system.
  • a major advantage of this purpose-directed storage provisioning is that storage and performance costs can be minimized.
  • storage provisioning can be arranged as follows: ⁇ Some virtual disk files can be placed in storage with de-duplication
  • Application data (e.g., D: drive files) can be placed on faster storage
  • a snapshot of the VM is taken and copied (entirely or incrementally) elsewhere (to disk or tape).
  • the same principle applies for replication for disaster recovery or for moving in or out of a cloud: a copy of the VM is made and moved to another server in a different physical location.
  • Multi-tenancy features (VM sets). Many CSPs operate "customer islands" to customize multi-tenant virtualization environments. Each customer is given a group of physical machines and the CSP provides a way to segregate these machines into customer islands so that there is no overlap between the workloads and data of one customer and those of another customer. This practice is an inefficient way of managing physical servers and diminishes the benefits of using cloud storage. CAFS instead enables multi- tenant virtualization environments through the use of VM sets.
  • a VM set is a collection of VMs that are related and governed by the same customer-specific policies. VM sets share a similar set of properties such as: storage type (mirroring, de-duplication, number of replicas), security (keys, key states, and associated encryption policies), access controls, and audit records. Grouping VMs into sets with different policies based on customer-specific needs ensures that customers' groups of VMs do not overlap in either use or storage. In a multi-tenant environment, grouping of VMs into a VM set allows one tenant's VMs to be virtually (but not necessarily physically) separated from those of another tenant and to be managed independently, even if the same physical servers and the same storage are being used by one or more tenant.
  • VM set 207 for Customer A may have VM files 105 in local storage pools, SAN/NAS pools, and backup pools
  • VM set 207 for customer B may have VM files 105 in backup pools, disaster recovery pools, and public clouds
  • VM set 207 for customer C may have VM files 105 stored in SAN NAS pools, backup pools, disaster recovery pools, and public clouds.
  • Customers A, B, C may all have VM files 105 in the same backup pool, but since VM files 105 are grouped into sets, customer A's policies restrict access to its VM files 105 such that only customer A's administrators/users can access VM set 207 belonging to A. Likewise, customer B's policies and customer C's policies restrict access to their respective administrators/users. Yet each customer A, B, and C gains the benefit of lower storage costs because each has optimized its storage based on the type of storage needed for its VM files.
  • VM sets can be beneficial within an IT department as well as in a multi-tenant cloud environment.
  • VM sets may be preferred because:
  • a VM set may have different replication ⁇ disaster recovery) and backup needs.
  • ⁇ A VM set can be accessed by a set of virtual servers that have been specified to have access.
  • o VM sets can have different administrators.
  • a VM sets can be assigned to different storage pools.
  • Customer-specific data can be provided by audit records generated on a per-VM set basis. • Separate billing capabilities can be provided by assessing VM usage on a per-VM set basis.
  • e Access can be controlled with different encryption keys for different VM sets, as well as for VM components within a VM set.
  • VMset policies Each VM set has associated policies that establish the administrator-determined rules governing storage, security, access, authentication, and auditing for that VM set.
  • the defined parameters of each policy are defined within the policy descriptor and include information such as, without limitation:
  • CAPS uses these policy descriptors as authentication and access controls for any VM set accessed through NFS. For example, when aVM set is created, the servers that are allowed to access the ' VM are specified within the policy for that VM set. Access by any server not listed will be denied and an audit record will be generated. Policies also designate access windows (the specific time periods during which the VM can be accessed). As an example, a customer workload running in the cloud should only be accessed during business hours Monday to Friday. Any attempt to access the VM at night or over the weekend will result in a denial and an audit record being generated.
  • policies themselves are not stored with the VM set or with any of the VMs.
  • CAFS stores a globally unique identifier (GUID) with each VM file.
  • GUID is a reference to an object (or file) that is stored on the key and policy server and used to fetch the associated policy keys when VM files are accessed.
  • the object or file referenced by the GUID contains CAFS-specific metadata that travels with the VM and has enough information to allow CAFS to find the appropriate key and policy server to fetch the associated policies and encryption keys.
  • VMs are not static.
  • VM sets names can be reused. For example, a VM set called my_vniset that is accessible through NFS mount point /mnt could be archived and deleted from primary storage. In the meantime, another VM with the same name and mount point could be created. At some stage in the future, restoration of one of these VMs could be problematic because both have the same name and mount point. If each VM contains encrypted data, CAFS needs to know which policy descriptor and which encryption keys to use, and which storage policy to apply on restore.
  • FIG. 5 shows the interaction between the different CAFS components when receiving new or updated VM set information.
  • CAFS maps VM file names through links to one or more storage pools. Creation of a new VM set involves pushing a VM set descriptor from key and policy server 407 through secure communications module 405 and storage management module 403 to CAFS driver 401, which then creates the appropriate storage for the new VM set and exports one or more VM file 105 (with VM redirector links 501 and GUIDs 502) through an NFS mount point.
  • the mount point ( nnt tag) and name of the VM set ⁇ name tag) contain enough information to create an appropriate path from wiiich the VM set can be accessed.
  • the vmserv tag lists the virtualization servers that are able to access this VM set.
  • the policy descriptor (pd tag), also referenced by a GU1D, is fetched in response to a VM access or creation. Once fetched, policy descriptors are cached in memory so that they can be easily retrieved on a subsequent access from a virtualization server.
  • CAFS reacts to vnode operations that affect the VM set. As an example shown in FIG. 6, when an attempt is made to access a VM, stored under
  • CAFS driver 401 executes the following sequence:
  • An NFSPROC_C EATE() request is generated by virtualization server kernel 101 which passes the request to NFS 602.
  • NFS 602 calls VOP_CREATE(), which results in a call to cafs_create().
  • CAFS driver 401 determines that a request is being made for the windows _xp VM that resides in the my ymset VM set.
  • e CAFS driver 401 sends a CREATE request to CAFS portal 402 which queues the request for processing by storage management module 403 (listening for requests via CAFS portal 402).
  • Storage management module 403 begins processing to determine whether the policy descriptor is stored locally. If the policy is not local (i.e., not present in storage management module 403), a request is sent (via secure
  • communications module 405, not shown to fetch the policy descriptor from key and policy server 407.
  • o Storage management module 403 looks at the policy to determine
  • CAFS driver 401 via CAFS portal driver 402.
  • CAFS driver 401 reacts in a similar manner to other vnode operations that affect the VM set (e.g., an NFSPROC_READDIR() request to view the contents of the VM set directory). Regardless of the operation requested, CAFS driver 401 responds by informing storage management module 403 which, in turn, requests that secure communications module 405 retrieve the policy descriptor from the key and policy server 407.
  • storage management module 403 which, in turn, requests that secure communications module 405 retrieve the policy descriptor from the key and policy server 407.
  • VM files are created based on properties of the policy descriptor.
  • the policy descriptor contains, in addition to the policy parameters, a set of virtual objects that describe the mapping between VM files and the different storage pools available. The virtual objects also determine whether the file will be encrypted and if so, with what encryption key.
  • a VM consists of a number of files that can be divided into two basic types:
  • Disk Images which are files that store blocks of information representing what would be a disk in the physical Bytes 0-51 1 represent block 0, bytes 512 to 1023 represent block 1 , etc..
  • VMware ® terminology these files have a '.vmdk' extension, while the file extension is : .vhd' in Microsoft ® Hyper-V terminology.
  • the Citrix® open source Xen platform tends to promote the use of disk slices for VMs, but can also use files, although the virtual disk files have no specific naming scheme,
  • ⁇ Metadata which are any information that is not part of the VM disk
  • Metadata include virtuaiization configuration files that inform the hypervisor of the resources that the VM needs to run (e.g., number of CPUs, networking configuration, disk information, etc.) and provide a snapshot of the memory image of the VM if the machine is suspended.
  • a pseudo-storage policy for a VM with three virtual disks might be:
  • Disk- 1 DE_DUP
  • virtual objects are used to determine how to store one or more components within a VM.
  • An exemplary fragment of the policy descriptor XML is shown below.
  • the policy descriptor contains two policy statements (or "virtual objects" contained within each vobj tag) that map a file within a VM to its storage pool, describe the window in which the file can be accessed, the amount of audit data to be generated, and the encryption key to be used. If encryption is not required, the symkey tag will reference a "clear-text" key,
  • 10065 ⁇ Standard regular expressions are preferably used to match against the VM name and files within the VM. These regular expressions are simple enough to match any file within any VM that contains the word "osdisk". For example, if a VM set is exported through /nfs/my_ymset, the virtual object will match against each of the following virtual disks:
  • Regular expressions allow CAFS to match against any naming scheme used by any virtualization platform.
  • VM administrators preferably use a meaningful naming scheme within VM templates to simplify VM administration and ensure that VM disks are recognizable.
  • CAFS Redirector Links Storage pools managed by CAFS 203 are separate physical file systems 104 that are created with the desired storage characteristics and performance.
  • CAFS driver 401 builds a list of available storage pools so that it can map existing files to their correct location and can store newly created files in the storage pool that policy dictates.
  • An exemplary list for three different storage pools (sp Iat, sp_raidl, and sp "ciid5) is shown in FIG. 7.
  • storage pool file systems e.g., symbolically named RATJD5
  • RATJD5 can be found under the /storage _pools directory as shown on the right hand side of the figure.
  • Storage pool mapper 404 also maintains a mapping between files seen by hypervisor 102 and actual files stored within each storage pool 206.
  • Hypervisor 102 is unaware of how files are stored and of the mapping between what the hypervisor sees and the actual storage location of the files.
  • Hypervisor 102 accesses a VM file 105 by going through a redirector file created by CAFS driver 401.
  • hypervisor 102 sends a CREATE request which is intercepted by CAFS driver 401 .
  • storage management module 403 informs CAFS driver 401 that the VM has been authenticated, that a VM file 105 can be created, and where the VM file 105 should reside.
  • CAFS driver 401 then creates the VM file 105 in the file system namespace of the storage pool ⁇ /storage _pooIs/spj'aidl/vm_setl/w _xp/wimp.vmx) and creates the redirector file ⁇ /cqfs/vm_setlhvin_xp/wi p.vmx##sp_raidl).
  • Each VM set contains directories for each VM within its correct storage pool along with a list of redirector files.
  • hypervisor 102 wants to obtain the list of files in a VM, hypervisor 102 issues an NFS_READDIR() operation which translates to a call into CAFS driver 401 through vnode operation cafs_readdir().
  • the cafs_readdir() vnode operation performs the mapping between what a virtual ization server expects and how the files are actually stored on disk.
  • This mapping layer has a number of advantages including the ability to move a file dynamically within the VM from one storage pool to another by modifying only the redirector link for the move to take effect.
  • the file dynamically within the VM from one storage pool to another by modifying only the redirector link for the move to take effect.
  • fhcs/nfs/vm_setl/win_xp/winxp.vmx is contained within the sp_raidl storage pool. To move this file to the sp_raid5 storage pool, the file is copied
  • Hypervisor 102 remains unaware of these changes, and of the original or modified location of the VM file 105.
  • NFS VNODE triggers.
  • CAFS is able to determine actions being taken by any supported hypervisor. For example, in response to an NFS request to access a /mnt directory, a file handle for the /mnt directory is returned and two operations are performed:
  • CAFS driver 401 (1 ) determines whether hypervisor 102 has the correct access rights and (2) downloads the policy that applies to this VM set. If the virtual ization server is authenticated and the VM is allowed to run on the requesting hypervisor, CAFS driver 401 allows access to the files that comprise the VMs.
  • This NFS operation informs CAFS driver 401 that a new VM is being created.
  • an NFSPROC_MKDIR operation for /mnt/vmset_a/myVM results in creation of a new VM called my VM within the VM set vmset j.
  • CAFS driver 401 then responds with an up-call to storage management module 403 to determine what to do with the call based on the VM set policy. [0074] Referring again to FIG. 6. when an NFS operation is received, this triggers CAFS driver 401 to invoke storage management module 403 by placing a request in CAFS portal 402 request queue. Once the request is received by storage management module 403, the request is matched to an appropriate VM set policy and associated policy descriptor.
  • a request may be made from ESX Server 10.2.45.67 to create a directory cailed windows_vni under the path /nfs/m _ymset.
  • This request corresponds to the first step in creation of a new VM.
  • CAFS driver 401 first determines whether this server has the right privileges and is in the right time window to be able to create this VM. Assuming the server is authenticated, ca!is to create files within the new directory are matched with the virtual objects list to determine the storage poo! needed for the file and whether the file should be encrypted.
  • CAFS implements encryption on selected portions of the VM using industry standard encryption algorithms such as, without limitation, the Advanced Encryption Standard (AES, e.g., AES-128 or AES-256).
  • AES Advanced Encryption Standard
  • components to encrypt are determined by the policy descriptor which in turn references symmetric encryption keys that are used to perform the encryption/ decryption.
  • VM files are encrypted or decrypted by intercepting read/write operations (e.g., VOP_READ(), VOP_STRATEGY() and VOP_WRITE()) at the vnode layer. Encryption or decryption of VM files is performed using an encryption framework, preferably BSD Open Cryptographic Framework (OCF) which also allows the addition of hardware cryptographic support.
  • OCF BSD Open Cryptographic Framework
  • CAFS preferably uses Advanced Encryption Standard (AES)- 128 or AES-256 encryption with a cipher-block chaining (CBC) mode.
  • CBC generates a cipher text (encrypted data) for a given plaintext (unencrypted data) by XORing the AES-generated cipher text with a previous AES-sized block (16 bytes). This, however, forces the OCF to read the prior block whenever a read/write request is issued in order to retrieve the previous 16 bytes to use as the initialization vector (IV).
  • IV initialization vector
  • the only exception to this process is for the first 16 bytes (i.e., when the file pointer is set to the beginning of the file), in which case a well-known IV can be used.
  • CAFS attenuates this impact on performance by using an encrypted salt-sector initialization vector (ESSIV) method (e.g., preferably ESSIV 2010) which generates an initial IV for each sector-sized (512 byte) read/write operation by combining a sector number with a hash of the encryption key used for the File.
  • ESSIV salt-sector initialization vector
  • CAFS driver 401 starts up, and secure communications module 405 authenticates the virtual ization server with key and policy server 407. This authentication allows CAFS driver 401 to make subsequent calls to retrieve policy descriptors and encryption keys as VM sets and VMs are being accessed. Specifically, when a subsequent attempt is made to access a VM, CAFS driver 401 determines whether the request is coming from a previously authorized virtual ization server. If so, CAFS driver 401 obtains from encryption/key management module 405 the appropriate VM set policy and encryption keys so that CAFS driver 401 can decrypt data appropriately (for VMs that already exist) or can know how to store VMs that are being created. Virtualization servers that are not authorized are prevented from accessing VM sets using standard NFS export mechanisms. CAFS can also prevent access to VM sets from authenticated servers during specified time windows.
  • Access to a particular VM set or VM is determined in part by pathname and NFS operations (NFSPROC_LOOKUP, NFSPROC_CREATE, etc.) and in part by the way that the polices are defined by the administrator and associated with either a mount point or a position with a specific pathname.
  • CAFS responds to NFS (vnode) operations that in turn reference VM sets or the VMs contained within. For example:
  • NFS_LOOKUP a mount point is unlikely to refer to a specific VM, and, in fact, multiple VM sets may reside under the same NFS mount point as shown below;
  • two VM sets reside under the same mount point (Ms).
  • an administrator designates a position within the pathname where the policy resides. The administrator can specify that a mount point itself is governed by a VM set policy or that multiple VM set polices reside under the same mount point.
  • Other NFS operations within a specific VM or VM set Because NFS is stateless, (i.e., there is no NFSP OC_CLOSE operation), CAFS driver 401 does not know when access to a VM ceases (other than by recording a lack of access over a specific period of time). Thus, any operation within a specific mount point outside of a window of access time is denied.
  • CAFS Auditing. Because the operating system under which CAFS runs is preferably securely locked down to prevent tampering, system information is not available using traditional means such as logging into the machine and running diagnostic utilities. Instead, when a VM is accessed, CAFS tracks and generates audit records about VM and VM set usage by the organization or service provider. These records provide information that CSPs use to provide per-customer billing. Specifically, CAFS tracks ⁇
  • access information i.e., information about who is accessing which VM set and which VM within the set, when the access occurs, the type of access (lookup, read or write), and the name of the server seeking access
  • system information e.g., diagnostic information about the machine environment in which CAFS is running which can be used by administrators to determine faults within the VMs and VM sets
  • capacity planning information e.g., how much storage is available, which VM sets are occupying how much space, and when disk space crosses a predefined thresholds (e.g.. 80% full) so CSPs can easily charge their customers based on expected and actual storage use.
  • CAFS has the ability to generate both alerts and log messages. The location to which these alerts and log messages are to be sent is contained within the VM set policy.
  • CAFS driver 401 intercepts a command from hypervisor 102 to store one or more VM file 105.
  • CAFS driver 401 communicates that request through CAFS portal 402 to storage management module 403, which in turn requests secure communications module 405 to retrieve policies and encryption keys for the VM set containing the one or more VM file 105.
  • secure communications module 405 communicates with external key and policy server 407 to fetch the policy descriptor containing one or more policy for VM file(s) 105.
  • step 803 secure communication module 405 communicates with
  • encryption/key management module 407 to determine whether one or more encryption key is needed. If any encryption key is needed, secure communications module 405 communicates with external key and policy server 407 to fetch the necessary encryption key(s) for the VM file(s) 105 to be stored.
  • encryption/key management module 406 obtains (from secure communication module 405) the encryption key(s) for the VM file(s) 105 to be stored, and then transfers the encryption key(s) to CAFS driver 401.
  • CAFS driver 401 encrypts (at least in part) the VM file(s) using the encryption key(s) obtained from encryption/key management module 406.
  • step 805 storage management module 403 obtains the policy descriptor from secure communication module 405.
  • Storage management module 403 informs CAFS driver 401 how to store the VM file(s) 105 based on the policy descriptor obtained from storage management module 403.
  • CAFS driver 401 transfers the at least partially encrypted VM file(s) 105 through the physical file system to one or more storage pool 206 based on the policies contained within the policy descriptor.
  • CAFS driver 401 intercepts a command from hypervisor 102 to access one or more at least partially encrypted VM file 105 securely stored in one or more storage pool 206.
  • CAFS driver 401 communicates that request through CAFS portal 402 to storage management module 403.
  • Storage management module 403 determines whether the policy descriptor for the encrypted VM file(s) 105 is stored locally. If the policy descriptor is not stored locally, storage management module 403 requests secure communications module 405 to retrieve policies and any necessary encryption key(s) for the VM set containing the encrypted VM file(s) 105.
  • storage management module 403 requests secure communications module 405 to retrieve the encryption key(s) for the VM set containing the encrypted VM file(s) 105. 10088] In step 902, secure communications module 405 communicates with external key and policy server 407 to fetch, if necessary, the policy descriptor containing one or more policy for the encrypted VM file(s) 105. Storage management module 403 obtains the policy descriptor, if necessary, from secure communications module 405, and informs CAFS driver 401 of policies governing access to the encrypted VM file(s) 105.
  • secure communication module 405 communicates with external key and policy server 407 to fetch the encryption key(s) for the encrypted VM file(s) 105.
  • Secure communications module 405 conveys the encryption key(s) to encryption/key management module 406.
  • CAFS driver 401 accesses (through the physical file system) the encrypted VM file(s) 105 stored in one or more storage pool.
  • CAFS' access is based on one or more policy contained within the policy descriptor obtained from storage m an agem ent modu le 403.
  • CAFS driver 401 decrypts the accessed encrypted VM file(s) 105 using the encryption key(s) obtained from encryption/key management module 406.
  • CAFS driver 401 transfers the decrypted VM file(s) 105 to hypervisor 102.

Abstract

La présente invention concerne un système de fichiers virtuels qui est implémenté dans une plateforme de virtualisation sous forme d'une couche d'un système de fichiers empilables qui intercepte des opérations sur des fichiers entre un hyperviseur et un système de fichiers réels. Le système de fichiers virtuels chiffre (au moins en partie) des fichiers de machines virtuelles devant être stockés, organise les fichiers de machines virtuelles chiffrés dans des ensembles de machines virtuelles, puis met en correspondance et stocke les ensembles de machines virtuelles chiffrés dans des groupements de stockage. Le stockage des fichiers et l'accès aux fichiers dans les ensembles de machines virtuelles sont commandés par l'utilisation de politiques qui sont déterminées par un administrateur et qui régissent le stockage, la sécurité, la commande d'accès, l'authentification et l'audit. Le système et le procédé selon la présente invention permettent une intégration continue entre un centre de données (par exemple un nuage privé) et des ressources informatiques desservies par l'Internet et supportées par des prestataires de services infonuagiques (par exemple des nuages publics) tout en assurant que les besoins de sécurité des clients et des prestataires de services infonuagiques soient satisfaits.
PCT/US2011/052844 2010-10-27 2011-09-22 Système et procédé de stockage sécurisé de machines virtuelles WO2012057942A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40713310P 2010-10-27 2010-10-27
US61/407,133 2010-10-27

Publications (1)

Publication Number Publication Date
WO2012057942A1 true WO2012057942A1 (fr) 2012-05-03

Family

ID=45994309

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/052844 WO2012057942A1 (fr) 2010-10-27 2011-09-22 Système et procédé de stockage sécurisé de machines virtuelles

Country Status (2)

Country Link
US (2) US9053339B2 (fr)
WO (1) WO2012057942A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2759955A1 (fr) * 2013-01-28 2014-07-30 ST-Ericsson SA Sauvegarde et restauration sécurisé de stockage protégé
EP3009929A1 (fr) * 2014-06-02 2016-04-20 Storagecraft Technology Corporation Données propriétaires d'exposition à un hyperviseur en tant que données d'hyperviseur natif
EP2949073A4 (fr) * 2013-01-28 2016-10-19 Digitalmailer Inc Système de stockage virtuel et procédés de cryptage de fichier
US10078525B2 (en) 2015-01-26 2018-09-18 Storagecraft Technology Corporation Exposing a proprietary image backup to a hypervisor as a disk file that is bootable by the hypervisor
CN109479062A (zh) * 2016-07-22 2019-03-15 微软技术许可有限责任公司 混合云计算系统中的使用跟踪
US10893029B1 (en) * 2015-09-08 2021-01-12 Amazon Technologies, Inc. Secure computing service environment
US11206304B2 (en) 2016-07-22 2021-12-21 Microsoft Technology Licensing, Llc Access services in hybrid cloud computing systems

Families Citing this family (124)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8307177B2 (en) 2008-09-05 2012-11-06 Commvault Systems, Inc. Systems and methods for management of virtualization data
US9122538B2 (en) 2010-02-22 2015-09-01 Virtustream, Inc. Methods and apparatus related to management of unit-based virtual resources within a data center environment
US9027017B2 (en) 2010-02-22 2015-05-05 Virtustream, Inc. Methods and apparatus for movement of virtual resources within a data center environment
AU2011261831B2 (en) * 2010-06-02 2014-03-20 VMware LLC Securing customer virtual machines in a multi-tenant cloud
US11449394B2 (en) 2010-06-04 2022-09-20 Commvault Systems, Inc. Failover systems and methods for performing backup operations, including heterogeneous indexing and load balancing of backup and indexing resources
WO2012057942A1 (fr) * 2010-10-27 2012-05-03 High Cloud Security, Inc. Système et procédé de stockage sécurisé de machines virtuelles
US8943023B2 (en) * 2010-12-29 2015-01-27 Amazon Technologies, Inc. Receiver-side data deduplication in data systems
US8856175B2 (en) * 2010-12-29 2014-10-07 Robert E. Marsh Method and computer-readable media for managing business transactions
CA2766731C (fr) * 2011-02-03 2019-12-03 Afore Solutions Inc. Procede et systeme de stockage nuagique
US8799920B2 (en) * 2011-08-25 2014-08-05 Virtustream, Inc. Systems and methods of host-aware resource management involving cluster-based resource pools
CN103493016B (zh) 2011-04-21 2017-06-06 惠普发展公司,有限责任合伙企业 电子设备及将应用程序安装到虚拟化环境中的方法
US20120297066A1 (en) * 2011-05-19 2012-11-22 Siemens Aktiengesellschaft Method and system for apparatus means for providing a service requested by a client in a public cloud infrastructure
US8984104B2 (en) * 2011-05-31 2015-03-17 Red Hat, Inc. Self-moving operating system installation in cloud-based network
WO2013019869A2 (fr) 2011-08-01 2013-02-07 Actifio, Inc. Prise d'empreinte de données pour assurance d'exactitude de copie
US9270459B2 (en) * 2011-09-20 2016-02-23 Cloudbyte, Inc. Techniques for achieving tenant data confidentiality from cloud service provider administrators
US9792451B2 (en) * 2011-12-09 2017-10-17 Echarge2 Corporation System and methods for using cipher objects to protect data
US8966479B2 (en) * 2012-02-10 2015-02-24 Vmware, Inc. Application-specific data in-flight services along a communication path selected based on a DIF services policy associated with a VM
US9772909B1 (en) * 2012-03-30 2017-09-26 EMC IP Holding Company LLC Dynamic proxy server assignment for virtual machine backup
CN103593256B (zh) 2012-08-15 2017-05-24 阿里巴巴集团控股有限公司 一种基于多层排重的虚机快照备份方法和系统
US8438654B1 (en) 2012-09-14 2013-05-07 Rightscale, Inc. Systems and methods for associating a virtual machine with an access control right
US10614099B2 (en) 2012-10-30 2020-04-07 Ubiq Security, Inc. Human interactions for populating user information on electronic forms
US9311121B2 (en) 2012-12-21 2016-04-12 Commvault Systems, Inc. Archiving virtual machines in a data storage system
US20140181044A1 (en) 2012-12-21 2014-06-26 Commvault Systems, Inc. Systems and methods to identify uncharacterized and unprotected virtual machines
US9424267B2 (en) * 2013-01-02 2016-08-23 Oracle International Corporation Compression and deduplication layered driver
US9703584B2 (en) 2013-01-08 2017-07-11 Commvault Systems, Inc. Virtual server agent load balancing
US20140201151A1 (en) 2013-01-11 2014-07-17 Commvault Systems, Inc. Systems and methods to select files for restoration from block-level backup for virtual machines
US9286110B2 (en) 2013-01-14 2016-03-15 Commvault Systems, Inc. Seamless virtual machine recall in a data storage system
US9930066B2 (en) 2013-02-12 2018-03-27 Nicira, Inc. Infrastructure level LAN security
AU2014216207A1 (en) * 2013-02-13 2015-09-10 Security First Corp. Systems and methods for a cryptographic file system layer
TWI502384B (zh) * 2013-02-19 2015-10-01 Acer Inc 檔案追蹤方法及其所適用之網路通訊裝置
US9342341B2 (en) * 2013-03-14 2016-05-17 Alcatel Lucent Systems and methods for deploying an application and an agent on a customer server in a selected network
US9569476B2 (en) 2013-04-02 2017-02-14 International Business Machines Corporation Intelligent data routing and storage provisioning
US9641614B2 (en) 2013-05-29 2017-05-02 Microsoft Technology Licensing, Llc Distributed storage defense in a cluster
US10404520B2 (en) 2013-05-29 2019-09-03 Microsoft Technology Licensing, Llc Efficient programmatic memory access over network file access protocols
US20150066717A1 (en) * 2013-08-27 2015-03-05 Connectloud, Inc. Method and apparatus for service offering metering
US9939981B2 (en) 2013-09-12 2018-04-10 Commvault Systems, Inc. File manager integration with virtualization in an information management system with an enhanced storage manager, including user control and storage management of virtual machines
CN103607426B (zh) * 2013-10-25 2019-04-09 中兴通讯股份有限公司 安全服务订制方法和装置
US9904603B2 (en) 2013-11-18 2018-02-27 Actifio, Inc. Successive data fingerprinting for copy accuracy assurance
US10831895B2 (en) * 2013-12-13 2020-11-10 International Business Machines Corporation Running local virtual disks containing applications with limited licenses
US9529617B2 (en) * 2014-03-21 2016-12-27 Ca, Inc. Instant virtual machines
US9507844B2 (en) 2014-03-28 2016-11-29 International Business Machines Corporation Automatic adjustment of data replication based on data access
US9563518B2 (en) 2014-04-02 2017-02-07 Commvault Systems, Inc. Information management by a media agent in the absence of communications with a storage manager
CN103955654A (zh) * 2014-04-02 2014-07-30 西北工业大学 基于虚拟文件系统的u盘安全存储方法
US10445509B2 (en) * 2014-06-30 2019-10-15 Nicira, Inc. Encryption architecture
US9424151B2 (en) 2014-07-02 2016-08-23 Hedvig, Inc. Disk failure recovery for virtual disk with policies
US9875063B2 (en) * 2014-07-02 2018-01-23 Hedvig, Inc. Method for writing data to a virtual disk using a controller virtual machine and different storage and communication protocols
US9798489B2 (en) 2014-07-02 2017-10-24 Hedvig, Inc. Cloning a virtual disk in a storage platform
US9558085B2 (en) 2014-07-02 2017-01-31 Hedvig, Inc. Creating and reverting to a snapshot of a virtual disk
US10067722B2 (en) 2014-07-02 2018-09-04 Hedvig, Inc Storage system for provisioning and storing data to a virtual disk
US9864530B2 (en) * 2014-07-02 2018-01-09 Hedvig, Inc. Method for writing data to virtual disk using a controller virtual machine and different storage and communication protocols on a single storage platform
US9483205B2 (en) 2014-07-02 2016-11-01 Hedvig, Inc. Writing to a storage platform including a plurality of storage clusters
US20160019317A1 (en) 2014-07-16 2016-01-21 Commvault Systems, Inc. Volume or virtual machine level backup and generating placeholders for virtual machine files
US9509718B1 (en) * 2014-07-17 2016-11-29 Sprint Communications Company L.P. Network-attached storage solution for application servers
KR101613130B1 (ko) * 2014-08-08 2016-04-18 숭실대학교산학협력단 다중 스마트폰 및 그 제어방법
US9710465B2 (en) 2014-09-22 2017-07-18 Commvault Systems, Inc. Efficiently restoring execution of a backed up virtual machine based on coordination with virtual-machine-file-relocation operations
US9417968B2 (en) 2014-09-22 2016-08-16 Commvault Systems, Inc. Efficiently restoring execution of a backed up virtual machine based on coordination with virtual-machine-file-relocation operations
US9436555B2 (en) 2014-09-22 2016-09-06 Commvault Systems, Inc. Efficient live-mount of a backed up virtual machine in a storage management system
WO2016049227A1 (fr) 2014-09-23 2016-03-31 FHOOSH, Inc. Opérations sécurisées à haut débit de stockage, consultation, récupération et transmission de données
US10579823B2 (en) 2014-09-23 2020-03-03 Ubiq Security, Inc. Systems and methods for secure high speed data generation and access
US10776209B2 (en) 2014-11-10 2020-09-15 Commvault Systems, Inc. Cross-platform virtual machine backup and replication
US9983936B2 (en) 2014-11-20 2018-05-29 Commvault Systems, Inc. Virtual machine change block tracking
EP3032453B1 (fr) * 2014-12-08 2019-11-13 eperi GmbH Stockage de données dans un ordinateur serveur avec une infrastructure de cryptage/décryptage déployable
US10083196B2 (en) * 2015-02-04 2018-09-25 Delphix Corporation Creating secure virtual databases storing masked data
US9807077B2 (en) * 2015-03-10 2017-10-31 Polyverse Corporation Systems and methods for containerized data security
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10560440B2 (en) 2015-03-12 2020-02-11 Fornetix Llc Server-client PKI for applied key management system and process
US9967289B2 (en) * 2015-03-12 2018-05-08 Fornetix Llc Client services for applied key management systems and processes
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US9892265B1 (en) * 2015-03-31 2018-02-13 Veritas Technologies Llc Protecting virtual machine data in cloud environments
KR20160122413A (ko) * 2015-04-14 2016-10-24 삼성전자주식회사 전자 장치 및 전자 장치의 파일 리드 및 라이트 방법
KR20170019762A (ko) * 2015-08-12 2017-02-22 삼성전자주식회사 파일 시스템을 제어하는 전자 장치 및 그 동작 방법
US9767318B1 (en) * 2015-08-28 2017-09-19 Frank Dropps Secure controller systems and associated methods thereof
US9934395B2 (en) * 2015-09-11 2018-04-03 International Business Machines Corporation Enabling secure big data analytics in the cloud
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity
US10348485B2 (en) 2016-02-26 2019-07-09 Fornetix Llc Linking encryption key management with granular policy
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US10860086B2 (en) 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US10592350B2 (en) 2016-03-09 2020-03-17 Commvault Systems, Inc. Virtual server cloud file system for virtual machine restore to cloud operations
US10498726B2 (en) * 2016-03-22 2019-12-03 International Business Machines Corporation Container independent secure file system for security application containers
US10248174B2 (en) 2016-05-24 2019-04-02 Hedvig, Inc. Persistent reservations for virtual disk using multiple targets
US10798073B2 (en) * 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption
US10887324B2 (en) 2016-09-19 2021-01-05 Ntt Research, Inc. Threat scoring system and method
US10474548B2 (en) 2016-09-30 2019-11-12 Commvault Systems, Inc. Heartbeat monitoring of virtual machines for initiating failover operations in a data storage management system, using ping monitoring of target virtual machines
CN107968794B (zh) * 2016-10-18 2023-05-12 中兴通讯股份有限公司 一种虚拟光驱挂载方法及系统、服务器、终端
US10162528B2 (en) 2016-10-25 2018-12-25 Commvault Systems, Inc. Targeted snapshot based on virtual machine location
US10152251B2 (en) 2016-10-25 2018-12-11 Commvault Systems, Inc. Targeted backup of virtual machine
US10678758B2 (en) 2016-11-21 2020-06-09 Commvault Systems, Inc. Cross-platform virtual machine data and memory backup and replication
US11290532B2 (en) 2016-12-16 2022-03-29 International Business Machines Corporation Tape reconstruction from object storage
US10430602B2 (en) 2016-12-16 2019-10-01 International Business Machines Corporation Tape processing offload to object storage
US11393046B1 (en) * 2017-01-17 2022-07-19 Intuit Inc. System and method for perpetual rekeying of various data columns with a frequency and encryption strength based on the sensitivity of the data columns
US10303895B1 (en) 2017-01-19 2019-05-28 Intuit Inc. System and method for perpetual rekeying of various data columns with respective encryption keys and on alternating bases
US11757857B2 (en) * 2017-01-23 2023-09-12 Ntt Research, Inc. Digital credential issuing system and method
US9817675B1 (en) 2017-01-31 2017-11-14 Hytrust, Inc. Methods and systems for attaching an encrypted data partition during the startup of an operating system
US10509733B2 (en) * 2017-03-24 2019-12-17 Red Hat, Inc. Kernel same-page merging for encrypted memory
US10896100B2 (en) 2017-03-24 2021-01-19 Commvault Systems, Inc. Buffered virtual machine replication
US10387073B2 (en) 2017-03-29 2019-08-20 Commvault Systems, Inc. External dynamic virtual machine synchronization
US10209917B2 (en) 2017-04-20 2019-02-19 Red Hat, Inc. Physical memory migration for secure encrypted virtual machines
US10379764B2 (en) 2017-05-11 2019-08-13 Red Hat, Inc. Virtual machine page movement for encrypted memory
US11354420B2 (en) 2017-07-21 2022-06-07 Red Hat, Inc. Re-duplication of de-duplicated encrypted memory
US10841089B2 (en) 2017-08-25 2020-11-17 Nutanix, Inc. Key managers for distributed computing systems
US10834081B2 (en) * 2017-10-19 2020-11-10 International Business Machines Corporation Secure access management for tools within a secure environment
US20190138621A1 (en) * 2017-11-07 2019-05-09 FHOOSH, Inc. High-speed secure virtual file system
US10587412B2 (en) * 2017-11-07 2020-03-10 International Business Machines Corporation Virtual machine structure
US10848468B1 (en) 2018-03-05 2020-11-24 Commvault Systems, Inc. In-flight data encryption/decryption for a distributed storage platform
US10877928B2 (en) 2018-03-07 2020-12-29 Commvault Systems, Inc. Using utilities injected into cloud-based virtual machines for speeding up virtual machine backup operations
US11349656B2 (en) 2018-03-08 2022-05-31 Ubiq Security, Inc. Systems and methods for secure storage and transmission of a data stream
US11200124B2 (en) 2018-12-06 2021-12-14 Commvault Systems, Inc. Assigning backup resources based on failover of partnered data storage servers in a data storage management system
US10768971B2 (en) 2019-01-30 2020-09-08 Commvault Systems, Inc. Cross-hypervisor live mount of backed up virtual machine data
US10996974B2 (en) 2019-01-30 2021-05-04 Commvault Systems, Inc. Cross-hypervisor live mount of backed up virtual machine data, including management of cache storage for virtual machine data
US10956140B2 (en) 2019-04-05 2021-03-23 Sap Se Software installation through an overlay file system
US11113249B2 (en) * 2019-04-05 2021-09-07 Sap Se Multitenant application server using a union file system
US11232078B2 (en) 2019-04-05 2022-01-25 Sap Se Multitenancy using an overlay file system
US11614956B2 (en) 2019-12-06 2023-03-28 Red Hat, Inc. Multicast live migration for encrypted virtual machines
US11711351B2 (en) * 2020-01-14 2023-07-25 Vmware, Inc. Distributed management and installation of digital certificates on a cluster for authentication with an external key management service
US11467753B2 (en) 2020-02-14 2022-10-11 Commvault Systems, Inc. On-demand restore of virtual machine data
US11442768B2 (en) 2020-03-12 2022-09-13 Commvault Systems, Inc. Cross-hypervisor live recovery of virtual machines
US11099956B1 (en) 2020-03-26 2021-08-24 Commvault Systems, Inc. Snapshot-based disaster recovery orchestration of virtual machine failover and failback operations
US11500669B2 (en) 2020-05-15 2022-11-15 Commvault Systems, Inc. Live recovery of virtual machines in a public cloud computing environment
US11841961B2 (en) * 2020-07-02 2023-12-12 International Business Machines Corporation Management of computing secrets
US11734197B2 (en) * 2020-07-31 2023-08-22 EMC IP Holding Company LLC Methods and systems for resilient encryption of data in memory
US11841971B2 (en) * 2020-09-29 2023-12-12 Oracle International Corporation Systems and methods for customer data handling
US11656951B2 (en) 2020-10-28 2023-05-23 Commvault Systems, Inc. Data loss vulnerability detection

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080155223A1 (en) * 2006-12-21 2008-06-26 Hiltgen Daniel K Storage Architecture for Virtual Machines
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US20090249337A1 (en) * 2007-12-20 2009-10-01 Virtual Computer, Inc. Running Multiple Workspaces on a Single Computer with an Integrated Security Facility
US20090319782A1 (en) * 2008-06-20 2009-12-24 Lockheed Martin Corporation Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US20100146501A1 (en) * 2008-12-09 2010-06-10 David Wyatt Method and apparatus for the secure processing of confidential content within a virtual machine of a processor
US20100169948A1 (en) * 2008-12-31 2010-07-01 Hytrust, Inc. Intelligent security control system for virtualized ecosystems

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6438642B1 (en) * 1999-05-18 2002-08-20 Kom Networks Inc. File-based virtual storage file system, method and computer program product for automated file management on multiple file system storage devices
US20050050342A1 (en) * 2003-08-13 2005-03-03 International Business Machines Corporation Secure storage utility
WO2005078606A2 (fr) * 2004-02-11 2005-08-25 Storage Technology Corporation Services de fichiers hierarchiques groupes
US8528107B1 (en) * 2005-09-19 2013-09-03 Vmware, Inc. Enforcing restrictions related to a virtualized computer environment
US20070143459A1 (en) * 2005-12-19 2007-06-21 Lucent Technologies Inc. Protection of privacy-sensitive information through redundancy, encryption and distribution of information
US8458422B1 (en) * 2005-12-22 2013-06-04 Oracle America, Inc. Policy based creation of export sets and backup media
US7529785B1 (en) * 2006-02-28 2009-05-05 Symantec Corporation Efficient backups using dynamically shared storage pools in peer-to-peer networks
US8015563B2 (en) * 2006-04-14 2011-09-06 Microsoft Corporation Managing virtual machines with system-wide policies
US7882329B2 (en) * 2007-09-24 2011-02-01 International Business Machines Corporation Cancellation of individual logical volumes in premigration chains
WO2009081530A1 (fr) * 2007-12-26 2009-07-02 Nec Corporation Système informatique virtuel, système d'application de politique, procédé d'application de politique et programme de commande d'ordinateur virtuel
US8489995B2 (en) * 2008-03-18 2013-07-16 Rightscale, Inc. Systems and methods for efficiently managing and configuring virtual servers
JP2009237763A (ja) * 2008-03-26 2009-10-15 Hitachi Ltd サーバシステム及びその制御方法
US8146147B2 (en) * 2008-03-27 2012-03-27 Juniper Networks, Inc. Combined firewalls
US8171278B2 (en) * 2008-08-11 2012-05-01 Vmware, Inc. Booting a computer system from central storage
US9559842B2 (en) * 2008-09-30 2017-01-31 Hewlett Packard Enterprise Development Lp Trusted key management for virtualized platforms
US20100162002A1 (en) * 2008-12-23 2010-06-24 David Dodgson Virtual tape backup arrangement using cryptographically split storage
US20100199351A1 (en) * 2009-01-02 2010-08-05 Andre Protas Method and system for securing virtual machines by restricting access in connection with a vulnerability audit
US8566362B2 (en) * 2009-01-23 2013-10-22 Nasuni Corporation Method and system for versioned file system using structured data representations
US8538919B1 (en) * 2009-05-16 2013-09-17 Eric H. Nielsen System, method, and computer program for real time remote recovery of virtual computing machines
US20110113235A1 (en) * 2009-08-27 2011-05-12 Craig Erickson PC Security Lock Device Using Permanent ID and Hidden Keys
US8654659B2 (en) * 2009-12-23 2014-02-18 Citrix Systems, Inc. Systems and methods for listening policies for virtual servers of appliance
US8346934B2 (en) * 2010-01-05 2013-01-01 Hitachi, Ltd. Method for executing migration between virtual servers and server system used for the same
US20110238737A1 (en) * 2010-03-26 2011-09-29 Nec Laboratories America, Inc. Decentralized cloud storage
US8326803B1 (en) * 2010-05-06 2012-12-04 Symantec Corporation Change tracking of individual virtual disk files
CN101853363B (zh) * 2010-05-07 2012-08-08 飞天诚信科技股份有限公司 一种文件保护方法及系统
JP4922443B2 (ja) * 2010-08-26 2012-04-25 株式会社東芝 コンピュータシステム、情報処理装置およびセキュリティ保護方法
WO2012057942A1 (fr) * 2010-10-27 2012-05-03 High Cloud Security, Inc. Système et procédé de stockage sécurisé de machines virtuelles
US8930685B2 (en) * 2011-12-13 2015-01-06 International Business Machines Corporation Deployment of a software image on multiple targets with streaming technique

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080155223A1 (en) * 2006-12-21 2008-06-26 Hiltgen Daniel K Storage Architecture for Virtual Machines
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US20090249337A1 (en) * 2007-12-20 2009-10-01 Virtual Computer, Inc. Running Multiple Workspaces on a Single Computer with an Integrated Security Facility
US20090319782A1 (en) * 2008-06-20 2009-12-24 Lockheed Martin Corporation Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US20100146501A1 (en) * 2008-12-09 2010-06-10 David Wyatt Method and apparatus for the secure processing of confidential content within a virtual machine of a processor
US20100169948A1 (en) * 2008-12-31 2010-07-01 Hytrust, Inc. Intelligent security control system for virtualized ecosystems

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2759955A1 (fr) * 2013-01-28 2014-07-30 ST-Ericsson SA Sauvegarde et restauration sécurisé de stockage protégé
EP2949073A4 (fr) * 2013-01-28 2016-10-19 Digitalmailer Inc Système de stockage virtuel et procédés de cryptage de fichier
EP3009929A1 (fr) * 2014-06-02 2016-04-20 Storagecraft Technology Corporation Données propriétaires d'exposition à un hyperviseur en tant que données d'hyperviseur natif
US9684458B2 (en) 2014-06-02 2017-06-20 Storagecraft Technology Corporation Exposing proprietary data to a hypervisor as native hypervisor data
US10078525B2 (en) 2015-01-26 2018-09-18 Storagecraft Technology Corporation Exposing a proprietary image backup to a hypervisor as a disk file that is bootable by the hypervisor
US10628208B2 (en) 2015-01-26 2020-04-21 Exablox Corporation Exposing a proprietary image backup to a hypervisor as a disk file that is bootable by the hypervisor
US10893029B1 (en) * 2015-09-08 2021-01-12 Amazon Technologies, Inc. Secure computing service environment
CN109479062A (zh) * 2016-07-22 2019-03-15 微软技术许可有限责任公司 混合云计算系统中的使用跟踪
CN109479062B (zh) * 2016-07-22 2021-06-15 微软技术许可有限责任公司 混合云计算系统中的使用跟踪
US11206304B2 (en) 2016-07-22 2021-12-21 Microsoft Technology Licensing, Llc Access services in hybrid cloud computing systems

Also Published As

Publication number Publication date
US9699155B2 (en) 2017-07-04
US20150244693A1 (en) 2015-08-27
US9053339B2 (en) 2015-06-09
US20120110328A1 (en) 2012-05-03

Similar Documents

Publication Publication Date Title
US9699155B2 (en) Cloud aware file system
US11507681B2 (en) Encryption for a distributed filesystem
US10911225B2 (en) Optimizable full-path encryption in a virtualization environment
US20190238323A1 (en) Key managers for distributed computing systems using key sharing techniques
US10362030B2 (en) Method and system for providing access to administrative functionality a virtualization environment
US8805951B1 (en) Virtual machines and cloud storage caching for cloud computing applications
US8997096B1 (en) Scalable and secure high-level storage access for cloud computing platforms
US8812876B1 (en) Enforcing restrictions related to a virtualized computer environment
US11502824B2 (en) Encryption by default in an elastic computing system
US11475138B2 (en) Creation and execution of secure containers
US20130275973A1 (en) Virtualisation system
Kappes et al. Dike: Virtualization-aware Access Control for Multitenant Filesystems
US11755753B2 (en) Mechanism to enable secure memory sharing between enclaves and I/O adapters
US9182982B1 (en) Techniques for creating an encrypted virtual hard disk
US11693581B2 (en) Authenticated stateless mount string for a distributed file system
US9977912B1 (en) Processing backup data based on file system authentication
Kappes et al. Multitenant access control for cloud-aware distributed filesystems
US9407433B1 (en) Mechanism for implementing key-based security for nodes within a networked virtualization environment for storage management
US10867052B1 (en) Encryption intermediary for volume creation
US20220269809A1 (en) Leveraging access controls to secure backup data stored on a cloud-based object storage

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11836813

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11836813

Country of ref document: EP

Kind code of ref document: A1